[{"data":1,"prerenderedAt":64},["ShallowReactive",2],{"publication-daily-threat-publications-2026-04-18":3},{"pub_id":4,"headline":5,"summary":6,"pub_date":7,"total_articles":8,"articles":9},"pub-2026-04-18","Vercel Supply Chain Attack, Actively Exploited Microsoft Defender Zero-Days, and Iranian Threats to US Infrastructure Dominate Headlines","This period's cybersecurity landscape is marked by high-stakes incidents, including a sophisticated supply chain attack on Vercel via a third-party AI tool, active exploitation of multiple Microsoft Defender zero-days, and a stark warning from U.S. agencies about escalating Iranian cyberattacks on critical infrastructure. Other major events include a massive Patch Tuesday from Microsoft addressing 164 CVEs, a supply chain compromise of the popular Axios NPM package by North Korean actors, and significant data breaches at McGraw Hill and Amtrak, highlighting persistent threats across software development, cloud services, and public sectors.","2026-04-18",3,[10,30,48],{"id":11,"slug":12,"headline":13,"title":14,"severity":15,"excerpt":16,"tags":17,"categories":24,"createdAt":27,"updatedAt":27,"readingTime":28,"isUpdate":29},"aca0ef59-81af-4d0a-a4fc-d3e5dd483451","vercel-discloses-supply-chain-attack-via-compromised-third-party-ai-tool","Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M","Vercel Confirms Supply Chain Attack Originating from Compromised Third-Party AI Tool, Context.ai","high","Cloud platform Vercel has confirmed a security breach stemming from a supply chain attack involving the compromise of a third-party AI tool, Context.ai. Attackers exploited a Vercel employee's Google Workspace account via a compromised OAuth token, gaining access to internal systems and non-sensitive environment variables. The threat actor group ShinyHunters has claimed responsibility for the attack, offering stolen Vercel data, including source code and access keys, for $2 million on a hacking forum. Vercel has stated that only a limited subset of customers were affected and has engaged Mandiant for incident response.",[18,19,20,21,22,23],"OAuth","Supply Chain","Cloud Security","AI Security","Credential Theft","BreachForums",[25,26,20],"Supply Chain Attack","Data Breach","2026-04-18T15:00:00.000Z",6,false,{"id":31,"slug":32,"headline":33,"title":34,"severity":15,"excerpt":35,"tags":36,"categories":44,"createdAt":27,"updatedAt":27,"readingTime":47,"isUpdate":29},"e3650af6-6ff4-4ae1-a91c-dbdc16a3c1a4","zionsiphon-malware-discovered-targeting-israeli-water-infrastructure","New 'ZionSiphon' Malware Specifically Targets Israeli Water Infrastructure for Sabotage","ZionSiphon: New OT Malware Discovered Targeting Israeli Water Treatment and Desalination Facilities","Security researchers have analyzed ZionSiphon, a new malware strain specifically engineered to target Israeli water infrastructure. The malware, which explicitly references Israel's national water company and major desalination plants, combines data exfiltration and reconnaissance features with capabilities designed for sabotage of industrial control systems (ICS). ZionSiphon can propagate via USB drives to infect air-gapped networks and contains logic to tamper with critical processes like chlorine levels and water pressure, highlighting a dangerous trend of politically motivated attacks on critical OT environments.",[37,38,39,40,41,42,43],"Malware","ICS","OT","SCADA","Israel","Water Infrastructure","Sabotage",[37,45,46],"Industrial Control Systems","Cyberattack",7,{"id":49,"slug":50,"headline":51,"title":52,"severity":15,"excerpt":53,"tags":54,"categories":62,"createdAt":27,"updatedAt":27,"readingTime":28,"isUpdate":29},"aae9cf0e-0815-42e4-b302-905997150b6f","uac-0247-espionage-campaign-targets-government-and-healthcare-in-ukraine","UAC-0247 Espionage Campaign Targets Ukrainian Government and Healthcare with Data-Stealing Malware","CERT-UA Warns of UAC-0247 Cyber-Espionage Campaign Targeting Government and Healthcare in Ukraine","The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing cyber-espionage campaign by the threat actor UAC-0247. Active since March 2026, the campaign targets Ukrainian government bodies and healthcare facilities with phishing emails. The attack uses a multi-stage infection chain involving LNK and HTA files to deploy a data-stealing payload that injects into legitimate processes like RuntimeBroker.exe. The malware, similar to the RAVENSHELL backdoor, is designed to exfiltrate data from web browsers and the WhatsApp desktop application.",[55,56,57,58,59,60,61],"Espionage","Ukraine","UAC-0247","CERT-UA","Phishing","Healthcare","Government",[63,59,46],"Threat Actor",1776724729050]